Friday, November 6, 2015

Global Techno Legal News And Views By Perry4Law Organisation (P4LO)

Merging of technology and law raises interesting techno legal issues that are not easy to handle. There are very few organisations or individuals that can manage techno legal issues in India and world wide. Perry4Law Organisation (P4LO) is one such organisation that handles unique and qualitative techno legal services in fields like cyber law, cyber security, cyber forensics, e-discovery, etc. One such initiative is known as Global Techno Legal News and Views.
Some of the interesting post of the blog are:

(1) Non Mandatory Aadhaar: The matter pertaining to legality and constitutionality of Aadhaar project is pending before the Supreme Court of India. The Central Government has been maintaining that Aadhaar is not mandatory but for all practical purposes it has been made mandatory by Indian Government.

(2) Digital India: Digital India project of India is an ambitious but troublesome initiative as it is suffering from numerous shortcomings. This is the reason that the Digital India project is heading towards rough waters. In fact, Digital India is the biggest digital panopticon of India so far. There is an urgent need to make it legal and constitutional.

(3) Carbanak Malware: The notorious malware Carbanak was instrumental in stealing about a Billion US Dollars from financial institutions worldwide. Vskimmer Trojan, capable of stealing credit card information from Windows systems, was already in circulation. Similarly, the Malware Dump Memory Grabber was also targeting POS systems and ATMs of major U.S. banks. These malware were creating havoc in India and international levels.

(4) Censorship By Twitter: In an unexpected move, Twitter has been censoring tweets relating to topics like Aadhaar, Digital India, etc. Till the time of writing of this post, Twitter is still censoring topics like Aadhaar, Digital India, etc.

(5) Hardware Spyware: Kaspersky has revealed that intelligence agencies have been using hardware based stealth spyware. These hard drives are manufactured by Western Digital, Seagate, Toshiba and other top manufacturers, thereby making their use a potential cyber hazard.

(6) FBI Search Warrants: Recently a proposal was made to expand the search warrant powers of FBI. Google opposed the same and openly conveyed its dissent for the proposed US Justice Department proposal to expand federal powers to search and seize digital data, warning that the changes would open the door to US “government hacking of any facility” in the world.

(7) Lenovo Adware: Lenovo has been accused of pre installing Adware in laptops thereby compromising their security. Users have complained that a programme called Superfish pre-installed by Lenovo on consumer laptops was “Adware”, or software that automatically displays adverts.

(8) Microsoft Cloud Computing: It has been reported that Microsoft has adopted a new standard for cloud privacy that commits the company to protect the privacy of customers’ data, not to use it for advertisement purposes, and to inform the customer of legal requests for personal data. Google along with other companies has been fighting against e-surveillance activities of U.S. agencies.

(9) Mobile Communications Security: Intercept has recently published an article describing that U.S. and British spies hacked into the internal network of Gemalto in 2010 that is one of the largest manufacturers of SIM cards in the world. They stole the encryption keys used to protect the privacy of mobile cellular communications across the globe. These spies mined the private communications of Gemalto engineers and employees in multiple countries, including India. However, the most interesting revelation comes in the form that GCHQ could not intercept keys used by mobile operators in Pakistan, even though Pakistan is a priority target for Western intelligence agencies. This is because Pakistanis used more secure methods to transfer the encryption keys between the SIM card manufacturers and Pakistani mobile operators.

(10) Lawyers Communications: Recently a British court ruled that the U.S. – U.K. surveillance regime was unlawful for seven years. This means that the regime has also failed to comply with the European convention on human rights. U.K. government is already facing a trial where it has been accused of unlawfully intercepted conversations between lawyers and their clients.

(11) Online Card Games: Some online gaming stakeholders in India have approached the Supreme Court of India to get clarity on the legality of online games like rummy, poker, etc. In response of the same, the Supreme Court asked the opinion of Central Government in this regard but the same has been informally denied by the Central Government. This means that till the time Supreme Court actually says that online rummy, online poker and online card games are legal in India, majority of these gaming stakeholders may be exposing themselves to legal risks and civil and criminal liabilities. Now that the Supreme Court of India has finally refused to decided legality of online poker and online rummy in India, online card games websites may be legally risky if not properly drafted and managed.

(12) Internet Safety Campaign: Indian government has announced that an Internet safety campaign would be started very soon in India. From the media reports it seems that the awareness drive would cover all stakeholders ranging from school level to government departments.

(13) Google Timestamps: In a bizzare manner, Google has manipulated the timestamp of the news titled Digital India, Aadhaar and digital panopticon of India and put the date 27-02-2015 instead of 02-03-2015. This means that news surfers looking for latest news would not get the same and after some time the news would be removed from the relevance search as well. We have also checked the date results and the news was lying on 4th page with other news of 27th February 2015 date. This is a strange behaviour on the part of Google and all such behavioursa of Google are catalogued at the blog titled “Unofficial Websites, News, Blogs And SERPs Censorship By Google“. A mirror of this blog is also available here.

(14) E-Mail Policy: Indian government has been struggling long to formulate and implement the e-mail policy of India. This is important for India as sensitive documents cannot be transferred out of India as per Indian laws like Public Records Act, 1993. Even Delhi High Court is analysing the e-mail policy of India and has shown its displeasure over slow action on the part of Indian government in this regard. It has now been reported that Indian government has decided to ban the use of Gmail or any other private email for official communication across all its organisations, and make it mandatory for them to migrate to email services provided by the National Informatics Centre (NIC).

(15) CISO Of India: In a significant move, the Prime Minister’s Office (PMO) has appointed Dr. Gulshan Rai as the first Chief Information Security Officer (CISO) of India. This would go a long way in ensuring critical infrastructure protection in India (PDF). We also strongly recommend that a revised Cyber Security Policy of India 2015 must be drafted by Modi Government that must address cyber security issues in a more comprehensive and holistic manner. Further, international legal issues of cyber attacks must also be considered well in advance by Indian Government. Perry4Law Organisation (P4LO) has released a research paper on international legal issues of cyber security and cyber attacks and the same can be considered by Indian Government while strengthening Indian cyber security capabilities.

(16) Anti Bullying Committee: Cyber bullying in India is a big nuisance with practically no remedies. However, things would be changed very soon with the issuance of CBSE Guidelines for Prevention of Bullying and Ragging in Schools 9th March 2015, Reg: (D.O. No. 12-19/2012-RMSA-I) (PDF). Due to increasing cases of physical and cyber-bullying of students, Central Board of Secondary Education (CBSE) has directed all its affiliated schools to form an anti-bullying committee. The committee should comprise of vice-principal, a senior teacher, school doctor, counsellor, parent-teacher representative, school management representative, legal representative and peer educators. CBSE also directed the schools to tackle sexual abuses and strictly implement POCSO Act 2012.

(17) Technology Companies Regulations: Dealing with technology and foreign companies is a big challenge for Indian government. Whether it is taxation aspects or applicability of Indian laws to such companies, India has not been able to achieve a success in this regard so far. There is also a lack of legal framework to govern such technology and foreign companies in India as on date. At Perry4Law Organisation (P4LO) and Perry4Law’s Techno Legal Base (PTLB) we have been suggesting techno legal frameworks in this regard from time to time. We at P4LO and PTLB welcome this support of Indian Government and various stakeholders to our suggestions and recommendations from time to time. However, we strongly recommend that we need a comprehensive techno legal framework in this regard especially if we have to make the “Made in India” and “Digital India” projects successful.

(18) Killer USB: A Russian hacker/researcher created a killer USB that can crash the victim system once the modified/hacked USB is plugged into it. The basic idea of the USB drive is quite simple. When we connect it up to the USB port, an inverting DC/DC converter runs and charges capacitors to -110V. When the voltage is reached, the DC/DC is switched off. At the same time, the filed transistor opens. It is used to apply the -110V to signal lines of the USB interface. When the voltage on capacitors increases to -7V, the transistor closes and the DC/DC starts. The loop runs till everything possible is broken down.

(19) Traffic Routing: Networks and systems need to trust each other to make the Internet function in a speedier manner. If one system or service provider falters, the services of other may be hampered. In one such incidence, users around the world were not able to access Google’s service for a short period of time due to a technical glitch. Users were cut off due to the routing leak from Indian broadband Internet provider Hathway. The leak is similar to a 2012 incident caused by an Indonesian ISP, which took Google offline for 30 minutes worldwide.

(20) Grid Security Expert System (GSES): A Grid Security Expert System (GSES) of India has been proposed to be developed by Powergrid. Cyber security of automated power grids of India is need of the hour. It is only after a massive power blackout in 2012 that Indian government has woken up to the dangers of cyber attacks against Indian power sector. GSES would involve installation of knowledge based Supervisory Control and Data Acquisition (SCADA) system, numerical relays and Remote Terminal units upto 132 kV stations and the reliable Optical fibre Ground wire (OPGW) communication system at an estimated cost of around Rupees 1200 crores. The objective of the GSES is implementation of the Automatic Defense mechanism to facilitate reliable and secure grid operation.

(21) Cyber Law Due Diligence: Cyber law due diligence received a major jolt when the Supreme Court of India read down the internet intermediary due diligence requirements. The main problem seems to be reading down of Section 79(3) (b) and Rule 3(4) By Supreme Court in a manner that would be counter productive in the long run. In fact, reading down of Section 79(3) (b) and Rule 3(4) is more problem than solution as the Supreme Court erred in adopting this approach.

(22) SEBI And Cyber Security: It has been reported that SEBI has expanded the ambit of its Technical Advisory Committee (TAC) to include cyber security of the markets. CECSRDI welcomes this move of SEBI and is committed to help it in every possible manner to achieve this benign cyber security objective.

(23) E-Police Station: An e-police station in Delhi would register online FIR for motor vehicle theft cases. The pilot project of the “Motor Vehicle Theft (MVT) Application” is now accessible on mobiles and computers. Presently this facility is available only for police stations in South Delhi and the same will be extended to entire Delhi after sorting out technical glitches and other problems.

(24) Social Media Compliances: Social media websites are not complying with laws of India. India’s struggle against social media websites to fall in line with Indian laws continues even in Narendra Modi’s regime. To make the matter worst we have no social media laws in India or any effective and implementable social media policy of India. Of course, a new framework for use of social media by governmental organisations has been suggested by Indian government in the past but that is of little help in solving the present problem at hand. The real solution, according to Praveen Dalal, is formulation of a techno legal framework that can address the diverse and complicated issues of cyberspace in India. In short, social networking laws in India need clarity and codification.

(25) MPPEB Scam: MPPEB scam has become an investigation nightmare for the law enforcement agencies of India. The credibility and reliability of evidence is in question on the one hand and unresolved cyber forensics issues are on the other hand. Scientific investigation methodology is still to be used in the investigation of MPPEB scam.

(26) IT Subsidiary Of RBI: The Reserve Bank of India (RBI) has showed its commitment to fight against cyber crimes and financial frauds by declaring that an information technology driven subsidiary would be established by it to deal with cyber nuisances. This IT subsidiary of RBI would also deal with cyber security and related issues with a special focus upon banking related technology issues. The IT subsidiary of RBI would also evaluate the technical capabilities of banks that is almost missing as on date.

(27) Privacy Invasive Software: The Supreme Court of India has asked the Indian Government to clarify upon privacy invasive software and mobile applications. Supreme Court of India has taken a serious note of the software and mobile applications that can be used to extract private information from smartphones.

(28) Smart Cities In India: Smart cities in India have been proposed to be established in near future. However, smart cities in India may face cyber security and civil liberties issues that are left unresolved by Indian Government.

(29) Protection Of Good Samaritan: In a welcome move, the Narendra Modi led Government has issued Guidelines on Protection of Good Samaritan While Saving Lives of Road Accident Victims (2015) (PDF). This shows the sensitivity of Indian Government towards the precious lives that can be saved if road accident victims can be taken to hospitals as soon as possible.

We hope our readers would find this post and blog useful.

Source: P4LO.